Complex Sequences in Safety Instrumented Systems

For complex processes like gasification units in the Oil Sands region of Northern Alberta, Canada, how do you handle the integration of complex sequences which involve both the safety instrumented system (SIS) and control system (BPCS–basic process control system in safety-speak)?

This was the subject of a recent paper given by Dean Taggart, a professional engineer and certified functional safety expert (CFSE) in Emerson’s Calgary-based Hydrocarbon and Energy Industry Center. Dean gave this paper along with members from Spartan Controls and the oil and gas producer, OPTI Canada.

The team gave the paper, Integration of Complex Sequences using DeltaV (presentation), at the 2007 AIChE Spring National meeting. Dean and the team quite comprehensively covered the areas of process and safety requirements and their technical concerns, and applying an implementation framework to this project.

With this post, I’ll zero in on the decisions of what should be within the span of the SIS and BPCS. As the team states, it’s clear what initially goes into the SIS:

Normally the process is designed in a Front End Engineering Design (FEED) phase, where vessels, pumps, piping, and instrumentation are proposed. The process goes through a HAZOP process, with the intent of identifying hazards. As these are considered, either through a PHA, LOPA, or Risk Analysis, SIL targets are determined and requirements for SIS are established [hyperlinks added to help with acronyms].

For complex processes, the SIS may be involved in the startup or stopping sequences, like in the burner management system on a gasification reactor. Normally the process of burner management involves closing off the feeds and the burner goes off. But for a gasification reactor, under high pressure and temperature, the vessel must evacuate the asphaltene quickly or it will harden and plug up the feed lines. A shutdown sequence is required to depressurize and cool down in a non-damaging way.

The choice the project team faced was either to perform all of the startup and shutdown sequences in the SIS or split them between the SIS and BPCS. The issue with splitting the sequence is increased configuration complexity, data mapping, communications diagnostics and handshaking logic required. And some common methods for this communication like MODBUS/serial communications and OPC, the communications throughput has to be carefully designed and tested. A bigger concerned stated in the paper:

In order to work properly, the BPCS and SIS would have to have “parallel” sequences which would need to be synchronized very tightly with each other. In the event that communications was lost during a startup or shutdown, each would have to execute separate and parallel actions. Since the actions may need to be modified based on process conditions, this adds even more complexity.

For this project, the team used the DeltaV system and DeltaV SIS and ran the sequence in the DeltaV SIS. The paper describes a simpler approach:

Under normal circumstances, the SIS runs the sequence, can override the BPCS when required, and can examine the health of the BPCS. The BPCS only performs process control, listens to the SIS for overrides, and can examine the health of the SIS. If communications is lost, the SIS can take the appropriate action (perhaps abort a startup, execute a shutdown, or may do nothing at all if in normal operation). In this case, the BPCS may continue to execute process control on some loops, and for others they may automatically be set to override or manual mode. The flexibility is there, and there is little concern over loss of communication.

If you have a project with hazardous areas with control system and SIS requirements, this paper is an excellent resource for an approach to think through the design process.

Posted Monday, May 21st, 2007 under Oil & Gas, Project Services, Safety.

Leave a Reply